database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-11-22 12:22:45 +03:00
Code Activity

Add support for privileges on types

Browse Source 
This adds support for the more or less SQL-conforming USAGE privilege
on types and domains.  The intent is to be able restrict which users
can create dependencies on types, which restricts the way in which
owners can alter types.

reviewed by Yeb Havinga
This commit is contained in:
Peter Eisentraut
2011-12-20 00:05:19 +02:00
parent 05e992e90e
commit 729205571e
41 changed files with 1249 additions and 201 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/backend/catalog/pg_aggregate.c
View File

@@ -71,6 +71,7 @@ AggregateCreate(const char *aggName,
int i;
ObjectAddress myself,
referenced;
AclResult aclresult;
/* sanity checks (caller should have caught these) */
if (!aggName)
@@ -200,6 +201,28 @@ AggregateCreate(const char *aggName,
false, -1);
}
/*
* permission checks on used types
*/
for (i = 0; i < numArgs; i++)
{
aclresult = pg_type_aclcheck(aggArgTypes[i], GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, ACL_KIND_TYPE,
format_type_be(aggArgTypes[i]));
}
aclresult = pg_type_aclcheck(aggTransType, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, ACL_KIND_TYPE,
format_type_be(aggTransType));
aclresult = pg_type_aclcheck(finaltype, GetUserId(), ACL_USAGE);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, ACL_KIND_TYPE,
format_type_be(finaltype));
/*
* Everything looks okay. Try to create the pg_proc entry for the
* aggregate. (This could fail if there's already a conflicting entry.)